To secure web services, you must consider a broad set of security requirements, including authentication, authorization, privacy, trust, integrity, confidentiality, secure communications channels, delegation, and auditing across a spectrum of application and business topologies. You can choose to configure Web Services Security for the application level, the server level or the cell level, depending upon your environment and security needs.
You can configure HTTP outbound transport level security with the administrative console.
You can configure the HTTP outbound transport level security for a web service using Java properties.
You can configure HTTP basic authentication for Java API for XML-based RPC (JAX-RPC) web services with the administrative console.
JAX-RPC and JAX-WS WS-Security configurations use XML-based SOAP messages to exchange information between applications. You can use an XPath expression to select specific elements in a SOAP message to sign or encrypt.
You can configure name-value pairs of data, where the name is a property key and the value is a string value that you can use to set internal system configuration properties. Defining a new property enables you to configure a setting beyond that which is available through options in the administrative console.
The Web Services Security service programming interface (WSS SPI) provides programming interfaces for securing Web Services Security.
Web Services Security standards and profiles describe how to provide security and protection for SOAP messages that are exchanged in a web services environment. Using JAX-WS, development of web services and clients is simplified with greater platform independence for Java applications through the use of dynamic proxies and Java annotations.
The Java™ API for XML-based RPC (JAX-RPC) specification enables you to develop SOAP-based interoperable and portable web services and web service clients. JAX-RPC simplifies development of web services by shielding you from the underlying complexity of SOAP communication, and enables clients to access a web service as if the web service were a local object mapped into the client's address space.
You can enable Web Services Security by using cryptographic hardware devices for both web service clients and web service providers that are running in the WebSphere® Application Server environment.
XML digital signature provides both message integrity and authentication capabilities when it is used with SOAP messages. XML digital signature is one of the methods WebSphere® Application Server provides to secure web services. You can use the WebSphere® Application Server administrative console to configure XML digital signature.
XML encryption is one method that WebSphere® Application Server provides to secure web services. You can use XML encryption in conjunction with XML digital signature to scramble the content while verifying the authenticity of the message sender. Using XML encryption, you can encrypt an XML element, the content of an XML element, or arbitrary data such as an XML document.